Comment 21 for bug 934887
Revision history for this message
|
|
#21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
(In reply to comment #14)
> If a user is concerned of fingerprinting, there is general.
> to make up whatever you want.
*This is not true.* Doing an override yourself makes you significantly MORE fingerprintable, not less. This is because most people don't do this, thus any non-standard anything is highly fingerprint worthy. The only way to make a dent in the problem is to do it for everyone at once.
> > (comment #12) locale already removed in bug 572656 ...
>
> Not true, intl.accept_
I wasn't specific enough I guess. In comment 12 there I was specifically talking about the UA. The locale token was removed from the UA. Note that this was the UI locale, not the accept language locale (also noted in comment 12 to still be in requests). These two may coincide or they may not, depending on user setting.
> Geolocation or even IP resolving is doing a better job to localize a client
Location is a horrible way to guess locale, as discussed elsewhere. Doing so gives many people the wrong locale because they don't speak the local language.
(In reply to comment #15)
> you're even more recognizable by fingerprinting fonts and addons.
Plugins are a big problem not addressed here, but elsewhere. Extensions are a UA problem also mentioned. Fonts, by the way, you would largely be immune to sniffing of (at least via panopticlick.
> And security by obscurity is a myth.
Very true. I noted above that hiding minor versions won't really help with security, but that's as far as that axiom goes here. Remember, this bug is about fingerprintabli
(In reply to comment #16)
> > not to mention useful stats.
>
> I think statistical curiosity should have the least weigh when making the
> decision of what to expose.
Lower weight, yes, but not something to ignore.